Hello again. First up, I use Linux a fair bit for my university work and with some help got a copy and dual-booted my machine. So while you're correct about the copyright comment, I'm fine. Also, does the fact that this machine dual boots affect anything?
Anyway, here come the logs.
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-20 10:05:43
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB64244EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB6424581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB6424498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB64244AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB6424595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB64245C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB6424634]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB6424619]
Code 89CCE2E8 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB642452A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB642465E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB642456D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB6424470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB6424484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB64244FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB642469A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB6424603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB64245ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB64245AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB6424686]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB6424672]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB64244D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB64244C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB64245D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB6424559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB6424648]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB6424540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB6424514]
Code 8A812AE6 IofCallDriver
Code 8A686436 IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A812AEB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A68643B
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B6424518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B64244EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP B642452E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP B6424544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 89CCE2EC
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP B6424502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP B6424474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP B6424488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP B64244C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP B64244B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP B642449C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP B64244DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP B642455D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP B64245F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP B64245DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP B642464C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP B6424607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 3 Bytes JMP B64245AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey + 4 806231D6 3 Bytes [35, 90, 90]
PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP B6424585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP B6424599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP B64245C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP B6424638 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 3 Bytes JMP B642461D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey + 4 8062425E 3 Bytes [35, 90, 90]
PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP B6424571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP B642469E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP B6424676 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP B642468A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP B6424662 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10F8D
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10FA8
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D10076
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10FB9
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D100B3
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D10F6B
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10F2B
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F46
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D10F06
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D1005B
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D10F7C
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D10036
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D100C4
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10F9B
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10058
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C1002C
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00FBE
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00053
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00FE3
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00042
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C0001D
.text C:\WINDOWS\system32\svchost.exe[652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[652] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[652] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[652] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[652] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040082
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040F8D
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040067
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040F9E
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040039
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000400C4
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000400A9
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000400F0
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F57
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040101
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0004004A
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00040F72
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040FC3
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040FDE
.text C:\WINDOWS\system32\services.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000400D5
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D60036
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D60FA8
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D6001B
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D60FE5
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D60065
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D60FB9
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 88]
.text C:\WINDOWS\system32\services.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\services.exe[940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FA4
.text C:\WINDOWS\system32\services.exe[940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FB5
.text C:\WINDOWS\system32\services.exe[940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00070FC6
.text C:\WINDOWS\system32\services.exe[940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD008E
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F99
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD007D
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0062
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F63
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD00AB
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD00C6
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F2D
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD00D7
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0051
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0F74
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\lsass.exe[952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F3E
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F8001B
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80F79
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FCA
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80FDB
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80F94
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F80FA5
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 89]
.text C:\WINDOWS\system32\lsass.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F8002C
.text C:\WINDOWS\system32\lsass.exe[952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70064
.text C:\WINDOWS\system32\lsass.exe[952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70049
.text C:\WINDOWS\system32\lsass.exe[952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70038
.text C:\WINDOWS\system32\lsass.exe[952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\lsass.exe[952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70FD9
.text C:\WINDOWS\system32\lsass.exe[952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F70011
.text C:\WINDOWS\system32\lsass.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F6000A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02650000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0265007D
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02650062
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02650F94
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02650FAF
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02650047
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026500AE
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02650F66
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02650F2D
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026500D0
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02650F1C
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02650FC0
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02650011
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02650F77
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02650FDB
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0265002C
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026500BF
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02680014
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02680051
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02680FB9
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02680FDE
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02680036
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02680FEF
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02680F9E
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [88, 8A]
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02680025
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02670F95
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!system 77C293C7 5 Bytes JMP 02670020
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02670FC1
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02670FEF
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02670FB0
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02670FDE
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02660FEF
.text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02690FEF
.text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02690FD4
.text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0269000A
.text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 0269002F
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0F72
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0F8D
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB0F9E
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB005B
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0040
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB009D
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB0F61
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB0F15
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB00AE
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB0EFA
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB0FAF
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB001B
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB008C
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB0FD4
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB0FE5
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB0F30
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FDB
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0F8A
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0022
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0FA5
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FE0047
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE0FC0
.text C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0FD9
.text C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0064
.text C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD002E
.text C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD000C
.text C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0049
.text C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD001D
.text C:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\system32\svchost.exe[1224] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1224] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1224] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[1224] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02DA000A
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02DA0F77
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02DA0F88
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02DA0062
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02DA0047
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02DA0FC0
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02DA0F35
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02DA007D
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02DA0EFF
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02DA0F10
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02DA0EE4
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02DA0FA5
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02DA001B
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02DA0F52
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02DA002C
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02DA0FDB
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02DA008E
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03590047
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03590FAC
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0359002C
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0359001B
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03590069
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03590000
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03590058
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03590FD1
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02EC003D
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!system 77C293C7 5 Bytes JMP 02EC002C
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02EC0FCD
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02EC0FEF
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02EC0FB2
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02EC0FDE
.text C:\WINDOWS\System32\svchost.exe[1408] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02DB0000
.text C:\WINDOWS\System32\svchost.exe[1408] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 035A0000
.text C:\WINDOWS\System32\svchost.exe[1408] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 035A0011
.text C:\WINDOWS\System32\svchost.exe[1408] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 035A0FE5
.text C:\WINDOWS\System32\svchost.exe[1408] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 035A0FCA
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A50F8D
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A50F9E
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A50FB9
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A50076
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A50036
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A500D5
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A500C4
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A50F61
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A50F72
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A50115
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A5005B
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A500A7
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A50FCA
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A5001B
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A500F0
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FDE
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A3006C
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A3002F
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30FAF
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A30051
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30040
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20036
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20FB5
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A2001B
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20FC6
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[1660] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1660] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00A4001B
.text C:\WINDOWS\system32\svchost.exe[1660] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00A4002C
.text C:\WINDOWS\system32\svchost.exe[1660] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 00A4003D
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1852] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01670FEF
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01670F83
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01670082
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01670FA8
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01670065
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01670FB9
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 016700AE
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01670F68
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01670F37
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016700D0
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016700E1
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0167004A
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0167000A
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01670093
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01670FD4
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01670025
.text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 016700BF
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01650F9E
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01650014
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01650FB9
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01650FD4
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01650F57
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01650FEF
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01650F7C
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 89]
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01650F8D
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0164003D
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!system 77C293C7 5 Bytes JMP 01640022
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01640011
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01640FEF
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01640FB2
.text C:\WINDOWS\Explorer.EXE[1964] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01640000
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01660000
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01660011
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 0166002C
.text C:\WINDOWS\Explorer.EXE[1964] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 01660FE5
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01770000
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0118000A
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01180F79
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01180F94
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01180062
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01180051
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01180FCA
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0118009F
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01180F57
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01180F2B
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01180F3C
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011800DF
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01180FB9
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0118001B
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01180F68
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01180FE5
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01180036
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011800BA
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01160039
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0116006F
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01160FDE
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01160FEF
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01160FBC
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0116000A
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01160054
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01160FCD
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01150F89
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!system 77C293C7 5 Bytes JMP 01150FA4
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0115000A
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01150FE3
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01150FB5
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01150FD2
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01140FEF
.text C:\WINDOWS\system32\svchost.exe[1976] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01170000
.text C:\WINDOWS\system32\svchost.exe[1976] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01170FEF
.text C:\WINDOWS\system32\svchost.exe[1976] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01170FDE
.text C:\WINDOWS\system32\svchost.exe[1976] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 01170025
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D7009D
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70FB2
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70080
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D7006F
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D7004A
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D700C4
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D70F7C
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D7010B
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D700FA
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D7011C
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70FCD
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D70FDE
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D70F8D
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D7002F
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D7001E
.text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D700DF
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D5002F
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50F8A
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D50FD4
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D50FAF
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D50051
.text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50040
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D4004E
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D4003D
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D40022
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40FCD
.text C:\WINDOWS\system32\svchost.exe[2100] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D40011
.text C:\WINDOWS\system32\svchost.exe[2100] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\svchost.exe[2100] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D60FE5
.text C:\WINDOWS\system32\svchost.exe[2100] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\svchost.exe[2100] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D60FC3
.text C:\WINDOWS\system32\svchost.exe[2100] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 00D60FB2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F66
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0027005B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F81
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270040
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FAF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270091
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270076
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700BD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700A2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F09
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F55
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0027001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F24
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FCD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0036004A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360014
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360039
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F97
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FBC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FAF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370029
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370018
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!HttpOpenRequestA 78064321 5 Bytes JMP 00CD000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetConnectA 7806497A 5 Bytes JMP 00C2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetConnectW 78065B68 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!HttpOpenRequestW 78065D42 5 Bytes JMP 00CE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 00C6000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 009A0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 00CB000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 009A0FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 009A0FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetSetStatusCallback 7807288F 5 Bytes JMP 00C9000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!HttpSendRequestW 7808082D 5 Bytes JMP 00CC000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetReadFileExW 78082AB2 5 Bytes JMP 00C8000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetReadFileExA 78082AEA 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 009A0FC3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] WININET.dll!InternetSetStatusCallbackW 780BB148 5 Bytes JMP 00CA000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2872] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02650000
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0075
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0064
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F8A
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F9B
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB6
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00A1
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0090
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F2D
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F3E
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F1C
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0047
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0011
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F65
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0022
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FDB
.text C:\Program Files\Messenger\msmsgs.exe[3636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00BC
.text C:\Program Files\Messenger\msmsgs.exe[3636] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FB0
.text C:\Program Files\Messenger\msmsgs.exe[3636] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FC1
.text C:\Program Files\Messenger\msmsgs.exe[3636] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A000C
.text C:\Program Files\Messenger\msmsgs.exe[3636] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\Program Files\Messenger\msmsgs.exe[3636] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0027
.text C:\Program Files\Messenger\msmsgs.exe[3636] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\Program Files\Messenger\msmsgs.exe[3636] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0025
.text C:\Program Files\Messenger\msmsgs.exe[3636] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0FA5
.text C:\Program Files\Messenger\msmsgs.exe[3636] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3636] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B000A
.text C:\Program Files\Messenger\msmsgs.exe[3636] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B006C
.text C:\Program Files\Messenger\msmsgs.exe[3636] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3636] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0051
.text C:\Program Files\Messenger\msmsgs.exe[3636] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0040
.text C:\Program Files\Messenger\msmsgs.exe[3636] WS2_32.dll!socket 71AB4211 5 Bytes JMP 002C0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3636] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002D0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3636] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002D0000
.text C:\Program Files\Messenger\msmsgs.exe[3636] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002D0FCA
.text C:\Program Files\Messenger\msmsgs.exe[3636] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 002D0011
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
OTViewIt logfile created on: 4/20/2009 10:30:45 AM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Adrian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.08% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 15.55 Gb Free Space | 22.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VALINDRA
Current User Name: Adrian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2009/01/08 19:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2009/01/09 10:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2009/01/09 07:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2006/08/03 17:50:46 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[2007/12/11 13:06:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2007/01/08 22:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2005/01/14 08:32:00 | 00,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
[2007/09/08 04:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
[2004/03/13 03:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2007/09/08 04:16:50 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
[2007/09/08 04:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
[2009/01/08 19:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2009/02/06 20:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2005/03/16 04:33:00 | 00,127,037 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/12/28 10:55:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2005/12/28 10:56:16 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2008/04/14 10:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/08/03 17:51:42 | 01,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
[2006/03/24 16:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/11/09 14:07:30 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[2003/11/18 16:20:46 | 00,045,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
[2006/09/01 15:57:48 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2007/01/08 22:26:08 | 00,068,640 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2007/03/09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[2008/04/27 18:29:15 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/04/14 10:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/08/03 15:43:27 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/02/08 20:43:14 | 00,095,800 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2005/12/28 10:52:32 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2009/02/28 14:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2009/03/31 14:35:13 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/04/20 10:10:41 | 00,021,505 | ---- | M] () -- C:\Documents and Settings\Adrian\Local Settings\Temp\1616398694.exe
[2008/04/14 10:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2009/04/20 10:07:36 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2009/03/01 17:43:01 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/10/09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2009/01/16 16:21:40 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/10/11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2009/01/08 19:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2009/01/09 10:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2009/04/01 14:21:30 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2009/01/09 07:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [On_Demand | Running])
[2007/10/11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/08/03 17:50:46 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2007/12/11 13:06:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/01/08 22:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2005/01/14 08:32:00 | 00,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
[2007/09/08 04:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen [Auto | Running])
[2004/03/13 03:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services ==========
[2007/02/07 13:35:45 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[1997/12/23 13:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
[2007/07/18 10:38:43 | 00,278,728 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2006/08/17 07:55:16 | 00,044,544 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2004/12/14 07:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/02/02 02:22:00 | 00,088,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/12/23 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2008/04/14 02:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/12/01 00:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/12/01 00:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2008/04/14 04:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/07/18 10:38:43 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2005/10/04 22:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2008/10/23 12:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2007/12/11 13:06:00 | 07,438,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/04/13 16:28:28 | 00,155,648 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\system32\drivers\PA707UCM.SYS -- (PAC7311 [On_Demand | Stopped])
[2004/08/04 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2009/03/01 17:37:49 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/07/14 17:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/07/12 18:00:30 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/07/14 16:28:38 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2005/12/28 12:22:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/14 04:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 20:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/12/02 10:04:20 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/12/02 10:04:10 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2006/03/24 16:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2006/03/08 11:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/03/16 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/03/16 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/03/16 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/03/16 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/03/16 04:33:00 | 00,086,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/03/16 04:33:00 | 00,014,877 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/03/16 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/03/16 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/03/16 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2008/04/14 04:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Running])
[2007/02/17 05:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
[2007/02/17 04:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
[2007/02/16 10:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
[2005/12/01 00:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/14 04:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2004/08/04 20:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (306417 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
10551 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{D7BF4552-94F1-42BD-F434-3604812C856D} (HKLM) -- C:\WINDOWS\system32\jh9fgo4ksdgf.dll ()
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVHotkey"=rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Ulead AutoDetector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Diagnostic Manager"=C:\DOCUME~1\Adrian\LOCALS~1\Temp\1616398694.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" (OLYMPUS IMAGING CORP.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=C:\WINDOWS\TEMP\pu2zg.exe File not found
"Windows Resurections"=C:\WINDOWS\TEMP\pu2zg.exe File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=C:\WINDOWS\TEMP\pu2zg.exe File not found
"Windows Resurections"=C:\WINDOWS\TEMP\pu2zg.exe File not found
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Diagnostic Manager"=C:\DOCUME~1\Adrian\LOCALS~1\Temp\1616398694.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" (OLYMPUS IMAGING CORP.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
========== (O4) Startup Folders ==========
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoCDBurning"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=1
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=1
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2004/05/18 16:58:40 | 10,080,960 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2004/05/18 16:58:40 | 10,080,960 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [2006/11/09 14:21:53 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 04:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> [2006/11/09 14:21:53 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> [2006/11/09 14:21:53 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
internet: about in Trusted sites
mcafee.com: http in Trusted sites
mcafee.com: https in Trusted sites
51 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
internet: about in Trusted sites
mcafee.com: http in Trusted sites
mcafee.com: https in Trusted sites
51 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab -- Reg Error: Key does not exist or could not be opened.
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
========== (O17) DNS Name Servers ==========
{19DCA668-BE27-4F07-BF17-47518A4A4D76} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{6E2E535A-E47A-404F-A698-1A945BEFF5FF} (Servers: | Description: 1394 Net Adapter)
{DD7E0E9B-376B-499C-9B34-5E1A41815853} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
========== (O22) Shared Task Scheduler ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D7BF4552-94F1-42BD-F434-3604812C856D}" (HKLM) = sfdawtawgreage4tregrgae34 -- C:\WINDOWS\system32\jh9fgo4ksdgf.dll ()
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2007/02/07 13:03:11 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c6b9f02-063b-11de-9696-00188bad5254}\Shell\AutoRun\command]
""=wd_windows_tools\WDSetup.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64dc60ec-18ce-11de-96c9-00188bad5254}\Shell\AutoRun\command]
""=explorer .
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64dc60ec-18ce-11de-96c9-00188bad5254}\Shell\mobile\command]
""=E:\MobileLaunch.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6737213-c700-11db-91fc-00188bad5254}\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6737213-c700-11db-91fc-00188bad5254}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6737213-c700-11db-91fc-00188bad5254}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/04/20 10:16:39 | 00,122,368 | -HS- | C] () -- C:\Documents and Settings\Adrian\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Adrian\My Documents\Thumbs.db:encryptable
[2009/04/20 10:07:33 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Desktop\OTViewIt.exe
[2009/04/20 09:58:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Desktop\gmer
[2009/04/20 09:52:28 | 00,278,161 | ---- | C] () -- C:\Documents and Settings\Adrian\Desktop\gmer.zip
[2009/04/19 14:28:14 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Adrian\Desktop\dds(2).scr
[2009/04/19 14:27:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Adrian\Desktop\dds.scr
[2009/04/19 14:27:07 | 00,252,537 | ---- | C] () -- C:\Documents and Settings\Adrian\Desktop\dds.scr.part
[2009/04/19 13:14:52 | 00,212,849 | ---- | C] () -- C:\Documents and Settings\Adrian\Desktop\hijackthis.zip
[2009/04/17 18:33:03 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/17 17:11:43 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/17 17:11:41 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/17 17:11:40 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/17 17:11:39 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/17 17:11:37 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/17 17:11:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/17 17:11:33 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/17 17:11:32 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/17 17:11:30 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/17 17:10:19 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/17 17:10:15 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 23:53:50 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\Book1_fit_dis_bleep.xls
[2009/04/16 06:53:39 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/04/16 06:50:38 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\jh9fgo4ksdgf.dll
[2009/04/12 23:02:39 | 00,078,513 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\iobw10.jpg
[2009/04/12 23:00:12 | 00,073,322 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\iobw4.jpg
[2009/04/12 22:58:21 | 00,077,769 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\iobw7.jpg
[2009/04/12 22:33:25 | 00,111,241 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\iobw14.jpg
[2009/04/12 00:57:46 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/12 00:57:46 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/10 23:44:39 | 00,024,072 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\n1.rtf
[2009/04/10 23:44:30 | 00,005,784 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\g2.rtf
[2009/04/09 20:17:41 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\Book1b.xls
[2009/04/04 10:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Desktop\AuctioneerSuite-5.3.4105
[2009/04/04 10:55:29 | 03,024,963 | ---- | C] () -- C:\Documents and Settings\Adrian\Desktop\AuctioneerSuite-5.3.4105.zip
[2009/04/03 20:42:20 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\Book1r.xls
[2009/04/02 13:48:11 | 00,145,451 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\3399097433_4302ba4ea4.jpg
[2009/04/01 23:12:28 | 01,199,889 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\FoolsGroveDelve.pdf
[2009/03/31 18:28:04 | 00,460,838 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\58.jpg
[2009/03/30 22:28:53 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\Book1_o.xls
[2009/03/22 16:15:06 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Adrian\My Documents\This thesis pertains to the creation of a 9.doc
[2009/03/22 00:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
========== Files - Modified Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/04/20 10:28:16 | 00,147,968 | ---- | M] () -- C:\Documents and Settings\Adrian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/20 10:16:52 | 00,122,368 | -HS- | M] () -- C:\Documents and Settings\Adrian\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Adrian\My Documents\Thumbs.db:encryptable
[2009/04/20 10:07:36 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Desktop\OTViewIt.exe
[2009/04/20 10:07:16 | 00,023,857 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/20 09:57:48 | 00,231,547 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/04/20 09:54:42 | 00,526,212 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/20 09:54:42 | 00,444,656 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/20 09:54:42 | 00,072,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/20 09:52:29 | 00,278,161 | ---- | M] () -- C:\Documents and Settings\Adrian\Desktop\gmer.zip
[2009/04/20 09:50:53 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/20 09:50:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/20 09:50:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/19 14:28:15 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Adrian\Desktop\dds(2).scr
[2009/04/19 14:27:10 | 00,252,537 | ---- | M] () -- C:\Documents and Settings\Adrian\Desktop\dds.scr.part
[2009/04/19 14:27:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Adrian\Desktop\dds.scr
[2009/04/19 13:14:56 | 00,212,849 | ---- | M] () -- C:\Documents and Settings\Adrian\Desktop\hijackthis.zip
[2009/04/18 23:58:00 | 00,231,547 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/04/18 23:11:07 | 00,306,417 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/17 18:34:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/17 18:33:03 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/17 14:26:45 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\Book1_fit_dis_bleep.xls
[2009/04/16 23:52:05 | 00,000,046 | ---- | M] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/04/16 14:58:40 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\Book1_o.xls
[2009/04/16 14:58:37 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\Book1b.xls
[2009/04/16 14:58:35 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\Book1r.xls
[2009/04/16 14:57:40 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\Book1h.xls
[2009/04/16 06:50:38 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\jh9fgo4ksdgf.dll
[2009/04/12 23:02:40 | 00,078,513 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\iobw10.jpg
[2009/04/12 23:00:12 | 00,073,322 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\iobw4.jpg
[2009/04/12 22:58:22 | 00,077,769 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\iobw7.jpg
[2009/04/12 22:33:33 | 00,111,241 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\iobw14.jpg
[2009/04/12 01:00:28 | 00,313,476 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090418-231107.backup
[2009/04/12 00:57:46 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/12 00:57:46 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/10 23:44:39 | 00,024,072 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\n1.rtf
[2009/04/10 23:44:30 | 00,005,784 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\g2.rtf
[2009/04/07 00:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/04 10:55:40 | 03,024,963 | ---- | M] () -- C:\Documents and Settings\Adrian\Desktop\AuctioneerSuite-5.3.4105.zip
[2009/04/02 21:28:40 | 02,111,196 | ---- | M] () -- C:\Documents and Settings\Adrian\Local Settings\Application Data\IconCache.db
[2009/04/02 13:48:13 | 00,145,451 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\3399097433_4302ba4ea4.jpg
[2009/04/01 23:12:28 | 01,199,889 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\FoolsGroveDelve.pdf
[2009/03/31 18:28:05 | 00,460,838 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\58.jpg
[2009/03/27 16:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/03/22 17:58:46 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Adrian\My Documents\This thesis pertains to the creation of a 9.doc
[2009/03/22 00:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/22 00:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
< End of report >
OTViewIt Extras logfile created on: 4/20/2009 10:30:45 AM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Adrian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.08% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.36 Gb Total Space | 15.55 Gb Free Space | 22.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VALINDRA
Current User Name: Adrian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 10:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 04:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 10:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/02/08 16:44:51 | 00,784,032 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/02/08 16:55:19 | 00,771,473 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/02/14 09:37:07 | 00,771,373 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/02/16 06:58:28 | 00,771,353 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/03/07 15:34:43 | 00,771,362 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/04/04 13:32:22 | 00,771,411 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2009/02/12 20:30:10 | 02,172,400 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
File not found -- C:\Program Files\Monte Cristo\Silverfall\Silverfall.exe:*:Enabled:Silverfall
[2008/04/14 10:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Codemasters\RF Online;\RF.exe:*:Enabled:RFLauncher
[2008/05/11 21:19:30 | 05,423,104 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
[2008/03/07 22:44:00 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2008/04/14 04:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
File not found -- C:\Documents and Settings\Adrian\Local Settings\Temp\Blizzard Launcher Temporary - 0b9cbc68\Launcher.exe:*:Enabled:Blizzard Launcher
[2009/01/09 10:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/03/22 18:58:02 | 08,140,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/13 11:44:56 | 00,150,032 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 21:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{E1A63F75-1F72-4450-980D-434496FFC646}"=Corel Painter Essentials 4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}"=DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1DDF840B-A50A-491E-BF44-6D6964C451A8}"=VGA USB Camera
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}"=DivX Version Checker
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}"=Ulead VideoStudio 8.0 SE DVD
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}"=mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}"=VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{91CA0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Small Business Edition 2003
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}"=Microsoft Games for Windows - LIVE Redistributable
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}"=Fallout 3
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}"=Broadcom 440x 10/100 Integrated Controller
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A96E97134CA649888820BCDE5E300BBD}"=H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}"=MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}"=AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB49B376-1136-44B4-83FA-036334B59937}"=OLYMPUS Master 2
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}"=Ulead Photo Explorer 8.0 SE Basic
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}"=OLYMPUS muvee theaterPack
"{E1A63F75-1F72-4450-980D-434496FFC646}"=Corel Painter Essentials 4
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}"=QuickTime
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F54AC413-D2C6-4A24-B324-370C223C6250}"=Adobe Photoshop Elements 6.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}"=Dell Resource CD
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B"=Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727"=Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"AD&D Core Rules 2.0 Expansion"=Advanced Dungeons & Dragons Core Rules 2.0 Expansion
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6"=Adobe Photoshop Elements 6.0
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"AGEIA PhysX v2.4.4"=AGEIA PhysX v2.4.4
"Azureus Vuze"=Azureus Vuze
"Caligari trueSpace7.6_is1"=Uninstall trueSpace7.6
"Campaign Mapper"=Campaign Mapper
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-09-21 16:18
"Diablo II"=Diablo II
"DivX Plus DirectShow Filters"=DivX Plus DirectShow Filters
"DVD Shrink_is1"=DVD Shrink 3.2
"eMule"=eMule
"Evil Genius_is1"=Evil Genius
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7"=Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"ffvfw"=ffvfw (uninstall only)
"HijackThis"=HijackThis 1.99.1
"Homeworld2"=Homeworld2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"Manual video for trueSpace7.6_is1"=Manual video for trueSpace7.6
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.8)"=Mozilla Firefox (3.0.8)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Pen Tablet Driver"=Pen Tablet
"ProInst"=Intel® PROSet/Wireless Software
"RealPlayer 6.0"=RealPlayer
"Sam and Max - Season One"=Sam and Max - Season One 1.0
"ST6UNST #1"=NSRCG
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"I-Doser v4"=I-Doser v4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1957994488-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"I-Doser v4"=I-Doser v4
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/21/2008 6:09:43 AM | Computer Name = VALINDRA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/29/2008 9:59:55 AM | Computer Name = VALINDRA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
Error - 12/30/2008 7:13:26 AM | Computer Name = VALINDRA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
Error - 2/14/2009 7:47:17 AM | Computer Name = VALINDRA | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/14/2009 7:47:28 AM | Computer Name = VALINDRA | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.
Error - 2/26/2009 8:23:19 AM | Computer Name = VALINDRA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1288 (0x508) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\CdRom0\setup.exe by D:\autorun\autorun_inst.exe
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 3/8/2009 7:44:10 AM | Computer Name = VALINDRA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3/13/2009 9:11:13 AM | Computer Name = VALINDRA | Source = Application Error | ID = 1000
Description = Faulting application McNASvc.exe, version 3.3.104.0, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000118e9.
Error - 4/5/2009 10:58:41 PM | Computer Name = VALINDRA | Source = ESENT | ID = 485
Description = wuauclt (172) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).
Error - 4/5/2009 10:58:42 PM | Computer Name = VALINDRA | Source = ESENT | ID = 485
Description = wuauclt (172) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).
[ System Events ]
Error - 4/19/2009 2:54:00 AM | Computer Name = VALINDRA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 4/19/2009 2:54:12 AM | Computer Name = VALINDRA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 4/19/2009 2:55:05 AM | Computer Name = VALINDRA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
Error - 4/19/2009 2:55:14 AM | Computer Name = VALINDRA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
Error - 4/19/2009 3:18:32 AM | Computer Name = VALINDRA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McShield with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error - 4/19/2009 3:18:32 AM | Computer Name = VALINDRA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
Error - 4/19/2009 3:19:37 AM | Computer Name = VALINDRA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).
Error - 4/19/2009 5:32:44 AM | Computer Name = VALINDRA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 4/19/2009 5:32:53 AM | Computer Name = VALINDRA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 4/19/2009 7:11:45 AM | Computer Name = VALINDRA | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).
< End of report >